1. Field of the Invention
The present invention relates generally to cryptographic systems, and more specifically to cryptographic systems that are run by a computer program.
2. Description of Related Art
Global access of electronic information can be critical for even the smallest of businesses today. Very few companies operate solely within the boundaries that define their “Company.” Over the last 25 years, technology has rapidly advanced and expanded these boundaries. The advent of such technologies as the Internet, Intranets, extranets, and e-mail, have made the electronic transfer of information common place in businesses today. Management of “Company” information is critical to the success of the “Company.” Enterprise Document Management (EDM) and e-mail systems provide the “Company” the right technology to find any document, created in any application, by anyone, at any time, dealing with any subject, at any place in the world, and communicate to and from anyone at anytime.
With the advanced technology and integration of EDM and e-mail systems comes a wide variety of information that has varying economic values and privacy aspects. Users may not know what information is monitored or intercepted, especially when information is sent by e-mail over the Internet and outside the “Company.”
E-mail is one of the fastest growing means of communication today. The use of e-mail has dramatically increased from 100,000 users in the late 1970's to about 50 million users in 1997, with over 100 million users predicted by the year 2000. This trend correlates with the advent of low-cost Internet access, mass marketed on-line services, and employer provided e-mail accounts for an estimated 30 to 40 million employees. Thus, 15% of the United States population is currently using e-mail. This number is rapidly growing. E-mail provides a quick, economical, easy to use method of sharing both thought and electronic information. Unfortunately, e-mail is like an electronic postcard for the world to see. It is transmitted across the Internet using the Simple Mail Transfer Protocol (SMTP). This protocol has virtually no security features. Messages and files can be read by anyone who comes into contact with them.
Consider the spectrum of information at risk:                Company strategic and corporate plans (acquisitions, internal financials, sales forecasts)        Proprietary product information (designs, formulas, processes)        Confidential legal information (patents, client/attorney privileged information, memos)        Private health information (test results, treatments received, lab reports)        Private employment information (salaries, performance evaluations, benefits)        
As companies increase the efficiency to access more information, their security risks will also increase. How true is this? According to a recent survey by Ernst & young LLP the following results were reported:                74% of the respondents say their risks have increased over the last two years.        More than a quarter of the respondents say that their risks have increased at a faster rate than the growth of their computing.        73% of companies don't have the internal resources capable of dealing with network security problems.        55% of the respondents lacked confidence that their systems could withstand an internal attack.        71% of security professionals are not confident their organizations are protected from external attack.        Two-thirds of the respondents reported losses resulting from a security breach over the last two years.        The bottom line is simple: the more information is available, the more security and authentication is needed. Increasingly, information professionals are turning to encryption and authentication technologies to ensure the privacy and integrity of “Company” information. Encryption and authentication technologies provide confidentiality, source authentication, and data integrity.        
Encryption is a process of scrambling data utilizing a mathematical function called an encryption algorithm, and a key that affects the results of this mathematical finction. Data, before becoming encrypted, is said to be “clear text.” Encrypted data is said to be “cipher text.” With most encryption algorithms, it is nearly impossible to convert cipher text back to clear text without knowledge of the encryption key used. The strength of the encryption data is generally dependent upon the encryption algorithm and the size of the encryption key.
There are two types of encryption: symmetric (private key) and asymmetric (public key.)
Private key encryption uses a common secret key for both encryption and decryption. Private key encryption is best suited to be used in trusted work groups. It is fast and efficient, and properly secures large files. The leading private key encryption is DES (Data Encryption Standard). DES was adopted as a federal standard in 1977. It has been extensively used and is considered to be strong encryption. Other types of private key encryption include: Triple-DES, IDEA, RC4, MD5, Blowfish and Triple Blowfish.
Public key encryption uses a pair of keys, one public and one private. Each user has a personal key pair, and the user's public (or decryption) key is used by others to send encrypted messages to the user, while the private (or decryption) key is employed by the user to decrypt messages received. Public key encryption and key generation algorithms include the public domain Diffie-Hellman algorithm, the RSA algorithm invented by Rivest, Shamir and Adleman at the Massachusetts Institute of Technology (MIT), and the Pretty Good Privacy algorithm (PGP) developed by Phil Zimmermann. Because of their mathematical structure, public key encryption is slower than most private key systems, thus making them less efficient for use in a trusted network or for encrypting large files.
Although these private key and public key encryption algorithms do a good job at maintaining the confidentiality of the encrypted matter, they have numerous problems. The biggest obstacle to adoption of any type of encryption system has been ease of use. Typical encryption systems are very cumbersome. They require a user to interrupt the user's normal work flow, save the clear text document, activate the separate encryption software, and save the cipher text document under a different name. Where the subject document is ordinary e-mail contents, the process can be especially cumbersome, particularly if clear text must first be created in a separate application, then encrypted, then attached to the e-mail message.
A major concern in computing today is “total cost of ownership,” or TCO. TCO recognizes that while a program might be inexpensive (or even free in the case of PGP for non-commercial use), there are significant costs in using the software. This includes the cost of installation, training, lost productivity during use and from bugs, and maintenance.
Even where one of the typical encryption systems might satisfy a user's TCO needs, it may not even be an available option. For example, typical Electronic Document Management Systems are self-contained and are not compatible with typical encryption systems.
There are many different encryption and authentication technologies that do not work with one another. This makes universal implementation of encryption systems more difficult and expensive. A need exists, therefore, for a technology that allows easy and inexpensive implementation of multiple encryption systems.
In addition, it is not always desirable to encrypt an entire document or file. For example, a memo might be sent to a group of people, but the sender might not want the entire group of people to have access to certain sensitive information contained within the memo. One way to solve this problem is to create two different memos that are sent to the two different groups. However, this practice risks inadvertent disclosure and can be cumbersome.
Another way of solving this problem is to encrypt the portion of the document that contains the sensitive information and a commercially available program allows a user to do just that. The program is told the starting and stopping point of the clear text to be encrypted, the clear text is then converted to cipher text by the encryption program, and the cipher text is then inserted back into the memo for the clear text that was encrypted. To decrypt the cipher text, a user must identify, precisely, the beginning and the end of the cipher text to be decrypted. When the cipher text has been decrypted, the program replaces the cipher text in the memo with the clear text that was originally encrypted to generate the cipher text. However, if the user makes an error in identifying the beginning or the end of the cipher text, or if the text is inadvertently modified, the decryption process will corrupt the clear text that was encrypted, thus rendering the cipher text meaningless since any subsequent attempt to decrypt the cipher text will fail.
Accordingly, there is also a need for an easy to use and inexpensive technology that allows users to conveniently encrypt and decrypt a portion of a file or document, especially if this feature can be combined with implementation of multiple encryption systems in a transparent process.